Filtered by vendor Docker
Subscribe
Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9357 | 1 Docker | 1 Docker | 2023-11-07 | 10.0 HIGH | N/A |
| Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. | |||||
| CVE-2014-5282 | 1 Docker | 1 Docker | 2023-11-07 | 5.5 MEDIUM | 8.1 HIGH |
| Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | |||||
| CVE-2014-5278 | 1 Docker | 1 Docker | 2023-11-07 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | |||||
| CVE-2014-5277 | 1 Docker | 2 Docker, Docker-py | 2023-11-07 | 5.0 MEDIUM | N/A |
| Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. | |||||
| CVE-2023-5166 | 1 Docker | 1 Docker Desktop | 2023-09-26 | N/A | 6.5 MEDIUM |
| Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. | |||||
| CVE-2023-5165 | 1 Docker | 1 Docker Desktop | 2023-09-26 | N/A | 8.8 HIGH |
| Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0. | |||||
| CVE-2023-0633 | 1 Docker | 1 Docker Desktop | 2023-09-25 | N/A | 7.8 HIGH |
| In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0. | |||||
| CVE-2023-0625 | 1 Docker | 1 Docker Desktop | 2023-09-25 | N/A | 9.8 CRITICAL |
| Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. | |||||
| CVE-2023-0627 | 1 Docker | 1 Docker Desktop | 2023-09-25 | N/A | 7.8 HIGH |
| Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. | |||||
| CVE-2023-0626 | 1 Docker | 1 Docker Desktop | 2023-09-25 | N/A | 9.8 CRITICAL |
| Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. | |||||
| CVE-2021-44719 | 2 Apple, Docker | 3 Mac Os X, Macos, Docker Desktop | 2023-08-08 | 6.6 MEDIUM | 8.4 HIGH |
| Docker Desktop 4.3.0 has Incorrect Access Control. | |||||
| CVE-2022-34292 | 1 Docker | 1 Desktop | 2023-05-09 | N/A | 7.1 HIGH |
| Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647. | |||||
| CVE-2022-31647 | 1 Docker | 1 Desktop | 2023-05-09 | N/A | 7.1 HIGH |
| Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. | |||||
| CVE-2022-37326 | 1 Docker | 1 Desktop | 2023-05-09 | N/A | 7.8 HIGH |
| Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation. | |||||
| CVE-2022-38730 | 1 Docker | 1 Desktop | 2023-05-09 | N/A | 6.3 MEDIUM |
| Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition. | |||||
| CVE-2022-34883 | 3 Docker, Hitachi, Microsoft | 3 Docker, Raid Manager Storage Replication Adapter, Windows | 2023-04-21 | N/A | 8.8 HIGH |
| OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | |||||
| CVE-2022-34882 | 3 Docker, Hitachi, Microsoft | 3 Docker, Raid Manager Storage Replication Adapter, Windows | 2023-04-21 | N/A | 6.5 MEDIUM |
| Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. | |||||
| CVE-2023-0628 | 1 Docker | 1 Docker Desktop | 2023-03-17 | N/A | 7.8 HIGH |
| Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. | |||||
| CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2023-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | |||||
| CVE-2014-8179 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2023-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | |||||